tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Problem starting Tomcat + APR on port 80 using jsvc with setuid
Date Mon, 28 Nov 2011 13:39:12 GMT
2011/11/28 Óscar Frías Barranco <ofrias@gmail.com>:
> Hi.
>
> I want to start Tomcat 6.0.33 (running on port 80) from the command line of
> a non-root user.  I have set the setuid flag in the jsvc binary to
> "convert" the non-root user to root at the time of execution.  Then the
> jsvc binary is executed with the "--user tomcat" parameter.
>
> The thing is that the whole setup works and I can successfully start Tomcat
> from a non-root user command line if I don't use APR (libtcnative-1).
>
> But then I installed APR and now I can only start Tomcat from root command
> line.  If I try to start Tomcat from the non-root user command line I get
> the exception at the bottom.
>
> Why is this happening?  Is this a Tomcat bug?  Do I have to setuid another
> file besides "jsvc"?  Thanks!
>
>
> INFO: JvmRouteBinderValve started
> Nov 28, 2011 1:28:25 PM org.apache.coyote.http11.Http11AprProtocol start
> SEVERE: Error starting endpoint
> java.lang.Exception: Socket bind failed: [13] Permission denied
>        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:649)
>        at
> org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:766)
>        at
> org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
>        at
> org.apache.catalina.connector.Connector.start(Connector.java:1095)
>        at
> org.apache.catalina.core.StandardService.start(StandardService.java:540)
>        at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
>        at org.apache.catalina.startup.Catalina.start(Catalina.java:595)

What messages are before this one in the logs?
(Clear the log files and then start Tomcat).

Normally the workflow is the following:
1) init()  initializes connectors and port binding happens
2) priviledges are dropped
3) start()

Your stacktrace is from start(). I wonder why it is so, but without
looking in the sources I cannot say more. Please provide full logs as
I mentioned above.

You may have better luck with 7.0.x. Lifecycle handling was improved in 7.0.
In 7.0.x there is explicit "bindOnInit" attribute in connectors.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message